05641nam 2200685 450 991046468920332120200520144314.01-78328-478-1(CKB)3710000000137754(EBL)1644005(OCoLC)881886712(SSID)ssj0001326195(PQKBManifestationID)11913875(PQKBTitleCode)TC0001326195(PQKBWorkID)11517194(PQKB)10365811(MiAaPQ)EBC1644005(PPN)228035929(Au-PeEL)EBL1644005(CaPaEBR)ebr10887984(CaONFJC)MIL624231(EXLCZ)99371000000013775420140710h20142014 uy 0engur|n|---|||||txtccrBuilding virtual pentesting labs for advanced penetration testing build intricate virtual architecture to practice any penetration testing technique virtually /Kevin Cardwell ; cover image by Tony ShiBirmingham, [England] :Packt Publishing,2014.©20141 online resource (430 p.)Community Experience DistilledIncludes index.1-78328-477-3 Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Introducing Penetration Testing; Security testing; Authentication; Authorization; Confidentiality; Integrity; Availability; Non-repudiation; Abstract testing methodology; Planning; Nonintrusive target search; Intrusive target search; Data analysis; Reporting; Myths and misconceptions of pen testing; Summary; Chapter 2: Choosing the Virtual Environment; Open source and free environments; VMware Player; VirtualBox; Xen; Hyper-V; vSphere Hypervisor; Commercial environmentsvSphereVMware Player Plus; XenServer; VMware Workstation; Image conversion; Converting from a physical to virtual environment; Summary; Chapter 3: Planning a Range; Planning; What are we trying to accomplish?; By when do we have to accomplish it?; Identifying vulnerabilities; Vulnerability sites; Vendor sites; Summary; Chapter 4: Identifying Range Architecture; Building the machines; Building new machines; Conversion; Cloning a virtual machine; Selecting network connections; The bridged setting; Network Address Translation; The host-only switch; The custom settings; Choosing range componentsThe attacker machineRouter; Firewall; Web server; Summary; Chapter 5: Identifying a Methodology; The OSSTMM; The Posture Review; Logistics; Active detection verification; Visibility Audit; Access verification; Trust verification; Control verification; Process verification; Configuration verification; Property validation; Segregation review; Exposure verification; Competitive intelligence scouting; Quarantine verification; Privileges audit; Survivability validation; Alert and log review; CHECK; NIST SP-800-115; The information security assessment methodology; Technical assessment techniquesComparing tests and examinationsTesting viewpoints; Overt and covert; Offensive Security; Other methodologies; Customization; Summary; Chapter 6: Creating an External Attack Architecture; Establishing layered architectures; Configuring firewall architectures; iptables; Deploying IDS/IPS and load balancers; Intrusion Detection System (IDS); Intrusion Prevention System (IPS); Load balancers; Integrating web application firewalls; Summary; Chapter 7: Assessment of Devices; Assessing routers; Evaluating switches; MAC attacks; VLAN hopping attacks; GARP attacks; Attacking the firewallIdentifying the firewall rulesTricks to penetrate filters; Summary; Chapter 8: Architecting an IDS/IPS Range; Deploying a network-based IDS; Implementing the host-based IDS and endpoint security; Working with virtual switches; Evasion; Determining thresholds; Stress testing; Shell code obfuscation; Summary; Chapter 9: Assessment of Web Servers and Web Applications; Analyzing the OWASP Top Ten attacks; Injection flaws; Broken authentication and session management; Cross-Site Scripting; Insecure direct object references; Security misconfiguration; Sensitive data exposureMissing function-level access controlWritten in an easy-to-follow approach using hands-on examples, this book helps you create virtual environments for advanced penetration testing, enabling you to build a multi-layered architecture to include firewalls, IDS/IPS, web application firewalls, and endpoint protection, which is essential in the penetration testing world. If you are a penetration tester, security consultant, security test engineer, or analyst who wants to practice and perfect penetration testing skills by building virtual pen testing labs in varying industry scenarios, this is the book for you. This book is ideal if yoCommunity experience distilled.Computer networksSecurity measuresComputer securityTestingComputersAccess controlElectronic books.Computer networksSecurity measures.Computer securityTesting.ComputersAccess control.005.8Cardwell Kevin901593Shi TonyMiAaPQMiAaPQMiAaPQBOOK9910464689203321Building virtual pentesting labs for advanced penetration testing2444080UNINA